The invention relates to systems and methods for authenticating users of computer systems, and in particular to systems and methods for authenticating users of computer systems using mobile communications devices.
Two-factor authentication has been proposed as an approach to increasing authentication security relative to the basic username/password method. In an example of such an approach, when a user enters a correct username and associated password to log into a secure site, a one-time code is transmitted to the user's telephone via a voice message or SMS, or to the user's email address, and the user must enter the one-time code on the secure site to complete the login process. A one-time code may also be provided by a hardware display token designed as a keyfob or similar special-purpose portable device, such as the SecurID token sold by RSA, the security division of EMC Corporation.
The design of user authentication systems is commonly affected by tradeoffs between security and usability. Increasing system security often involves imposing additional burdens on users, which may reduce system usability.